Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-31916

Initial request to a shardsvr mongod can return a clustertime signed with the null key

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 3.7.1
    • Affects Version/s: 3.6.0-rc4
    • Component/s: Sharding
    • Fully Compatible
    • ALL
    • Sharding 2018-01-01, Sharding 2017-12-18

      When interacting with a mongod in a sharded cluster, the first time a client connects directly to a mongod (instead of via mongos) it can receive a null signed clustertime. Ordinarily, this will only happen when the client has the special authorized to advance clock privilege, but it can also happen the first time an unprivileged client communicates (if that's before keys have been synced).

      When that client later attempts to gossip the time, they can receive a

      Cache Reader No keys found for HMAC that is valid for time: { ts: Timestamp 1510338396000|21 } with id: 0
      

      style error. This will only occur when the cluster itself has auth enabled (as otherwise no validation is necessary).

      For current tests, that involves blacklisting:

      • jstests/sharding/aggregation_currentop.js
      • jstests/sharding/auth_slaveok_routing.js

      and forcing jstests/libs/override_methods/validate_collections_on_shutdown.js to abort if it sees KeyNotFound.

      We should come up with a strategy to handle this and remove the blacklist

            Assignee:
            misha.tyulenev@mongodb.com Misha Tyulenev (Inactive)
            Reporter:
            mira.carey@mongodb.com Mira Carey
            Votes:
            0 Vote for this issue
            Watchers:
            12 Start watching this issue

              Created:
              Updated:
              Resolved: